‘Jingle Thief’ Highlights Retail Cyber Threats
A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season.
A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season.
Related
TrueConf Zero-Day Attack
What is the Attack? Operation TrueChaos is a targeted cyber espionage campaign exploiting a zero-day vulnerability in the TrueConf video conferencing platform. The campaign primarily targets government entities in Southeast Asia by replacing a legitimate update with a malicious one. Threat actors effectively weaponized the product’s trusted update mechanism, transforming it into a covert malware…
North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. “The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported…
DPRK Fake Job Scams Self-Propagate in ‘Contagious Interview’
A compromised developer’s repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10…
Are Forgotten AD Service Accounts Leaving You at Risk?
For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords. It’s no surprise